Vault Configuration for Database Assessment

Before you proceed with creating a database assessment profile, first create a secure database vault connection.

To know the prerequisites for using the Central credential Provider (CCP) and Credential Provider (CP), refer to Prerequisites for Windows Operating Systems.

To learn about managing the vault configuration profiles, refer to Permission Controls for Vault Configuration.

Create Vault Connection

  1. Navigate to Configuration > Vault to create a new vault connection.
  2. Click New Secure Vault Connection and enter the following information.

    Window to create new vault connection.

    Name: Enter the unique name for your vault connection.

    Vault Type: We are currently supporting only the CyberArk vault.

    Secret Manager Type: Select the secret manager as a Credential Provider (CP) or Central Credential Provider (CCP).

    If you want to fetch database credentials from a vault specific to a Cloud Agent host, select the CP as the Secret Manager Type. If you want to fetch database credentials from a common vault for your subscription, select the CCP.

    Vault Credentials: To access the database credentials from the CyberArk vault, enter the vault application ID and URL.

    The Application ID and vault URL are generated while setting up the CyberArk vault.

    Bypass Proxy: When proxies are configured, Cloud Agent routes all its outbound connections via a proxy. If you enable the Bypass Proxy option, Cloud Agent attempts a direct connection to the CuberArk Vault, bypassing the configured proxies. By default, this feature is enabled for all vault configuration profiles, meaning, the Cloud Agent attempts a direct connection to the CyberArk Vault.

    Bypass Server SSL Verification: Select this checkbox to bypass the server SSL verification. You can use this option when the server authentication can not be done due to some environmental issues, such as HTTPS certificate expiration. By default, this option is disabled, meaning the Cloud Agent will follow normal authenication process while connecting to the CyberArk vault.

Quick Actions Menu

To view the Quick Actions menu, select the existing vault connection and click the down arrow.

From the Quick Actions menu, you can view connection details, edit them, or delete a connection.

Quick Actions menu window for Vault Connections.

View Vault Connection Details

Click View Details in the Quick Actions menu to view connection details.

View Vault Connection details window.

The vault connection details window displays the connection's vault type, secret manager type, and vault credentials.

Edit Vault Connection

Click Edit in the Quick Actions menu to edit the Vault Connection.

Edit Vault Connection settings window.

You can not edit the Secret Manager Type for the subscription-level profile.

Delete Vault Connection

Click Delete in the Quick Actions menu to permanently delete the vault connection.

Confirmation dialogue box for deleting vault connection.